ResolverRAT malware is targeting the healthcare and pharmaceutical sectors in a new, sophisticated cyberattack campaign.
The attack uses phishing emails to deliver its payload. These emails create urgency with topics like copyright violations or legal threats. They trick users into clicking a malicious link.
Once clicked, the link directs the victim to download a file. This file activates a hidden execution chain that launches the malware.
How the ResolverRAT Attack Works
According to a recent report, this malware uses DLL side-loading to start the infection. The first stage decrypts the main payload directly in memory.
This in-memory design helps the malware avoid detection. It doesn’t leave obvious traces on the system.
Moreover, it uses encrypted communication and advanced obfuscation techniques. Therefore, most antivirus tools fail to detect it.
ResolverRAT uses Windows Registry changes and file system tricks to stay active. Even if one path fails, it can restart from another location.
Why This Campaign Is Dangerous
The phishing lures are customized in many languages, including Hindi, Italian, Turkish, and more. This shows a wide-reaching campaign.
Once activated, the malware uses a certificate-based login to a command server. It avoids system authority checks and can switch servers if blocked.
Additionally, it uses irregular connection patterns and hidden coding techniques. These help it avoid raising red flags with monitoring tools.
The malware breaks large stolen data into small pieces before sending it out. This makes the theft harder to detect.
Connection to Other Attacks
Researchers say ResolverRAT shows similarities to previous phishing campaigns. This includes overlaps in the way it is delivered and operated.
The report also mentions another threat, Neptune RAT. While different in design, both malware strains use stealth, plugins, and persistence to stay hidden.
Neptune RAT also steals passwords, monitors screens, and demands ransom. Although it is available on sites like GitHub and Telegram, the original source was recently removed.
How to Prevent ResolverRAT Attacks
To stay safe from threats like ResolverRAT, follow these steps:
- Educate staff on phishing emails and warning signs.
- Use updated security software that detects memory-based threats.
- Apply email filters to block suspicious attachments and links.
- Limit admin privileges on employee accounts.
- Monitor network traffic for unusual connections or data exfiltration.
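One way to apply the traffic-monitoring step to the small-piece exfiltration described earlier, as an added example that is not taken from the report: sum small uploads per host and destination over a sliding window and ignore timing, so irregular gaps between connections do not hide the total. The flow records, host names, documentation-range IP addresses, and thresholds are all constructed assumptions.

```python
from collections import defaultdict

def sample_flows():
    """Constructed flow records: (epoch_seconds, source_host, dest_ip, bytes_sent)."""
    t0 = 1_700_000_000
    flows, t = [], t0
    for i in range(120):              # ws-17: 120 uploads of 12 KB at irregular gaps
        t += 3 + (i * 7) % 23         # gaps vary between 3 and 25 seconds
        flows.append((t, "ws-17", "203.0.113.50", 12_000))
    for i in range(30):               # ws-22: sparse small requests, low total
        flows.append((t0 + i * 100, "ws-22", "198.51.100.7", 900))
    # ws-30: one bulk upload, the case an ordinary per-flow size alert already covers
    flows.append((t0 + 500, "ws-30", "192.0.2.10", 50_000_000))
    return flows

def flag_chunked_exfil(flows, window=3600, max_chunk=16_384,
                       min_chunks=20, min_total=1_000_000):
    """Return sorted (src, dst, chunk_count, total_bytes) for host pairs whose
    small uploads add up to a large volume inside one sliding window.
    All thresholds are illustrative assumptions; tune them to a local baseline."""
    by_pair = defaultdict(list)
    for ts, src, dst, sent in flows:
        if sent <= max_chunk:         # only the small pieces matter here
            by_pair[(src, dst)].append((ts, sent))
    findings = []
    for (src, dst), events in by_pair.items():
        events.sort()
        start, total, best = 0, 0, None
        for end, (ts, sent) in enumerate(events):
            total += sent
            while ts - events[start][0] > window:   # drop pieces older than the window
                total -= events[start][1]
                start += 1
            count = end - start + 1
            if count >= min_chunks and total >= min_total:
                if best is None or total > best[1]:
                    best = (count, total)
        if best:
            findings.append((src, dst, *best))
    return sorted(findings)

if __name__ == "__main__":
    for src, dst, count, total in flag_chunked_exfil(sample_flows()):
        print(f"{src} -> {dst}: {count} small uploads, {total} bytes in window")
```

Only ws-17 is reported: no single upload from it is large, but the pieces sum to about 1.4 MB to one destination within the hour.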
ResolverRAT malware is a serious and stealthy threat. However, proactive security steps can help reduce exposure and protect sensitive health data.